Vergleich xmlhttp.php - 1.4.1 - 1.4.15

Zeile 6Zeile 6
 * Website: http://www.mybboard.net
* License: http://www.mybboard.net/about/license
*

 * Website: http://www.mybboard.net
* License: http://www.mybboard.net/about/license
*

 * $Id: xmlhttp.php 4117 2008-08-15 15:38:41Z Tikitiki $

 * $Id: xmlhttp.php 5379 2011-02-21 11:06:42Z Tomm $

 */

/**

 */

/**

Zeile 41Zeile 41

// Send no cache headers
header("Expires: Sat, 1 Jan 2000 01:00:00 GMT");


// Send no cache headers
header("Expires: Sat, 1 Jan 2000 01:00:00 GMT");

header("Last-Modified: " . gmdate("D, d M Y H:i:s") . "GMT");

header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");

header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");


header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");


Zeile 335Zeile 335
			xmlhttp_error($lang->edit_time_limit);
}
}

			xmlhttp_error($lang->edit_time_limit);
}
}

 

// Forum is closed - no editing allowed (for anyone)
if($forum['open'] == 0)
{
xmlhttp_error($lang->no_permission_edit_post);
}


	if($mybb->input['do'] == "get_post")
{
// Send our headers.
header("Content-type: text/xml; charset={$charset}");

	if($mybb->input['do'] == "get_post")
{
// Send our headers.
header("Content-type: text/xml; charset={$charset}");

		

		

		$post['message'] = htmlspecialchars_uni($post['message']);

// Send the contents of the post.

		$post['message'] = htmlspecialchars_uni($post['message']);

// Send the contents of the post.

Zeile 356Zeile 363
			xmlhttp_error($lang->invalid_post_code);
}


			xmlhttp_error($lang->invalid_post_code);
}


		$message = strval($_POST['value']);

		$message = strval($mybb->input['value']);

		if(my_strtolower($charset) != "utf-8")
{
if(function_exists("iconv"))

		if(my_strtolower($charset) != "utf-8")
{
if(function_exists("iconv"))

Zeile 370Zeile 377
			else if(my_strtolower($charset) == "iso-8859-1")
{
$message = utf8_decode($message);

			else if(my_strtolower($charset) == "iso-8859-1")
{
$message = utf8_decode($message);

			}
}


			}
}


		// Set up posthandler.
require_once MYBB_ROOT."inc/datahandlers/post.php";
$posthandler = new PostDataHandler("update");
$posthandler->action = "post";

		// Set up posthandler.
require_once MYBB_ROOT."inc/datahandlers/post.php";
$posthandler = new PostDataHandler("update");
$posthandler->action = "post";





		// Set the post data that came from the input to the $post array.
$updatepost = array(
"pid" => $mybb->input['pid'],

		// Set the post data that came from the input to the $post array.
$updatepost = array(
"pid" => $mybb->input['pid'],

Zeile 409Zeile 416

require_once MYBB_ROOT."inc/class_parser.php";
$parser = new postParser;


require_once MYBB_ROOT."inc/class_parser.php";
$parser = new postParser;

		

		

		$parser_options = array(
"allow_html" => $forum['allowhtml'],
"allow_mycode" => $forum['allowmycode'],

		$parser_options = array(
"allow_html" => $forum['allowhtml'],
"allow_mycode" => $forum['allowmycode'],

Zeile 519Zeile 526
		if(!is_moderator($quoted_post['fid']) && $quoted_post['visible'] == 0)
{
continue;

		if(!is_moderator($quoted_post['fid']) && $quoted_post['visible'] == 0)
{
continue;

		}

		}

		
// Swap username over if we have a registered user
if($quoted_post['userusername'])

		
// Swap username over if we have a registered user
if($quoted_post['userusername'])

Zeile 586Zeile 593
}
else if($mybb->input['action'] == "username_availability")
{

}
else if($mybb->input['action'] == "username_availability")
{

 
	if(!verify_post_check($mybb->input['my_post_key'], true))
{
xmlhttp_error($lang->invalid_post_code);
}


	require_once MYBB_ROOT."inc/functions_user.php";
$username = $mybb->input['value'];

// Fix bad characters
$username = trim($username);

	require_once MYBB_ROOT."inc/functions_user.php";
$username = $mybb->input['value'];

// Fix bad characters
$username = trim($username);

	$username = str_replace(array(unicode_chr(160), unicode_chr(173), unicode_chr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237)), array(" ", "-", "", "", ""), $username);

	$username = str_replace(array(unicode_chr(160), unicode_chr(173), unicode_chr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237), dec_to_utf8(8203)), array(" ", "-", "", "", "", ""), $username);


// Remove multiple spaces from the username
$username = preg_replace("#\s{2,}#", " ", $username);


// Remove multiple spaces from the username
$username = preg_replace("#\s{2,}#", " ", $username);

 
	
if(empty($username))
{
echo "<fail>{$lang->banned_characters_username}</fail>";
exit;
}


header("Content-type: text/xml; charset={$charset}");



header("Content-type: text/xml; charset={$charset}");


Zeile 603Zeile 621
	if($banned_username)
{
echo "<fail>{$lang->banned_username}</fail>";

	if($banned_username)
{
echo "<fail>{$lang->banned_username}</fail>";

		exit;

		exit;

	}

// Check for certain characters in username (<, >, &, and slashes)
if(strpos($username, "<") !== false || strpos($username, ">") !== false || strpos($username, "&") !== false || my_strpos($username, "\\") !== false || strpos($username, ";") !== false)

	}

// Check for certain characters in username (<, >, &, and slashes)
if(strpos($username, "<") !== false || strpos($username, ">") !== false || strpos($username, "&") !== false || my_strpos($username, "\\") !== false || strpos($username, ";") !== false)

	{

	{

		echo "<fail>{$lang->banned_characters_username}</fail>";

		echo "<fail>{$lang->banned_characters_username}</fail>";

		exit;
}


		exit;
}


	// Check if the username is actually already in use
$query = $db->simple_select("users", "uid", "LOWER(username)='".$db->escape_string(my_strtolower($username))."'");
$user = $db->fetch_array($query);

	// Check if the username is actually already in use
$query = $db->simple_select("users", "uid", "LOWER(username)='".$db->escape_string(my_strtolower($username))."'");
$user = $db->fetch_array($query);





	if($user['uid'])
{

	if($user['uid'])
{

		$lang->username_taken = $lang->sprintf($lang->username_taken, $username);

		$lang->username_taken = $lang->sprintf($lang->username_taken, htmlspecialchars_uni($username));

		echo "<fail>{$lang->username_taken}</fail>";
exit;

		echo "<fail>{$lang->username_taken}</fail>";
exit;

	}

	}

	else
{

	else
{

		$lang->username_available = $lang->sprintf($lang->username_available, $username);

		$lang->username_available = $lang->sprintf($lang->username_available, htmlspecialchars_uni($username));

		echo "<success>{$lang->username_available}</success>";
exit;
}
}
else if($mybb->input['action'] == "username_exists")
{

		echo "<success>{$lang->username_available}</success>";
exit;
}
}
else if($mybb->input['action'] == "username_exists")
{

 
	if(!verify_post_check($mybb->input['my_post_key'], true))
{
xmlhttp_error($lang->invalid_post_code);
}


	require_once MYBB_ROOT."inc/functions_user.php";
$username = $mybb->input['value'];


	require_once MYBB_ROOT."inc/functions_user.php";
$username = $mybb->input['value'];


Zeile 649Zeile 672

if($user['uid'])
{


if($user['uid'])
{

		$lang->valid_username = $lang->sprintf($lang->valid_username, $username);

		$lang->valid_username = $lang->sprintf($lang->valid_username, htmlspecialchars_uni($username));

		echo "<success>{$lang->valid_username}</success>";
exit;
}
else
{

		echo "<success>{$lang->valid_username}</success>";
exit;
}
else
{

		$lang->invalid_username = $lang->sprintf($lang->invalid_username, $username);

		$lang->invalid_username = $lang->sprintf($lang->invalid_username, htmlspecialchars_uni($username));

		echo "<fail>{$lang->invalid_username}</fail>";
exit;
}

		echo "<fail>{$lang->invalid_username}</fail>";
exit;
}

Zeile 673Zeile 696
		);
$timecut = TIME_NOW - $mybb->settings['wolcutoff'];
$query = $db->simple_select("users", "uid, username, usergroup, displaygroup, lastactive, lastvisit, invisible", "uid IN ({$mybb->user['buddylist']})", $query_options);

		);
$timecut = TIME_NOW - $mybb->settings['wolcutoff'];
$query = $db->simple_select("users", "uid, username, usergroup, displaygroup, lastactive, lastvisit, invisible", "uid IN ({$mybb->user['buddylist']})", $query_options);

		$buddy_array = array();


		$online = array();
$offline = array();

		while($buddy = $db->fetch_array($query))
{
$buddy_name = format_name($buddy['username'], $buddy['usergroup'], $buddy['displaygroup']);

		while($buddy = $db->fetch_array($query))
{
$buddy_name = format_name($buddy['username'], $buddy['usergroup'], $buddy['displaygroup']);
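Review bot: In the `username_availability` branch the added `if(empty($username))` exit echoes `<fail>…</fail>` before `header("Content-type: text/xml; charset={$charset}");` has been sent, so this one reply leaves without the XML content type and charset that the other `<fail>`/`<success>` replies in the branch carry. Moving the `header(...)` call above the check makes every reply from the branch consistent, so a client that parses the response as XML also sees this failure. `empty()` also treats the string `"0"` as empty, so a username of `0` is reported as containing banned characters; `if($username === '')` tests only for the empty string, if that is the intent. The banned-username lookup that sits between the two visible hunks of this branch is not shown on the page.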